Privacy Policy

Introduction

This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within Weston Medical Practice (“our Practice”), and the circumstances in which we may share it with third parties.

Why and when your consent is necessary 

When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only those that need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this. 

Why do we collect, use, hold and share your personal information? 

Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments (e.g. Medicare / DVA), practice audits and accreditation, and business processes (e.g. staff training).

What personal information do we collect? 

The information we will collect about you includes your:

• names, date of birth, addresses, contact details, cultural identity
• medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors 
• Medicare number (where available) for identification and claiming purposes and Centrelink or DVA numbers if appropriate
• healthcare identifiers 
• health fund details

How do we collect your personal information? 

Our practice may collect your personal information to use in several different ways.

1. When you book your first appointment our practice staff will collect some of your personal and demographic information via your registration. Additional information, including medical history information, will be collected at your initial visit.
2. Our practice also supports eHealth services, such as the My Health Record program. Your participation in the My Health Record program is voluntary. We will only access and/contribute to your My Health Record with your consent, unless required in a medical emergency.
3. We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media. 
4. In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
   • your guardian or responsible person
   • other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services
   • your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary). 

When why and with who do we share your personal information?

We sometimes share your personal information:

• with third parties who work with our practice for business purposes, such as accreditation agencies or research programs – these third parties are required to comply with the Australian Privacy Principles and with this policy. HNECCPHN, and SmartVax are third parties with whom we routinely share DE-IDENTIFIED patient data. More information about each is provided below.
• with other healthcare providers (eg when we refer you for specialist services)
• when it is required or authorised by law (eg court subpoenas) 
• when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
• to assist in locating a missing person
• for the purpose of confidential dispute resolution process 
• when there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)
• through participation in the My Health Record program (eg sharing Health Summaries or Event Summaries in your personal My Health Record)

Sharing Your Information with HNECCPHN
Your DE-IDENTIFIED health information is routinely shared with the Hunter New England Central Coast Primary Health Network (HNECCPHN) for the purpose of population health planning, quality improvement and clinical audit activities, and evaluation and research purposes. This DE-IDENTIFIED data set is received and stored by the HNECCPHN using secure, encrypted data extraction and transfer systems, and may be used for local and national research purposes in conjunction with third parties such as universities and other research centres. You can choose to opt-out of this program at any time, with no impact on your care.

Sharing Your Health Information with SmartVax
SmartVax is a vaccine safety surveillance tool. Patients at our practice who receive a vaccination, including childhood immunisations, will receive a text (SMS) message to their nominated mobile number 3 days following vaccination. Patients who report a reaction will be sent a follow-up text message to determine the nature, severity and duration of the reaction. As part of the AusVaxSafety initiative, led by the National Centre for Immunisation Research and Surveillance (NCIRS), the DE-IDENTIFIED vaccination information shared with SmartVax is used to conduct rapid vaccine safety surveillance in children and adults, monitor and research the safety of vaccines and refine and improve existing vaccine programs in Australia. You can choose to opt-out of this program at any time, with no impact on your care.

What is DE-IDENTIFIED data?
De-identified health information is data that has had all identifying information, such as name, date of birth and address REMOVED so that the information cannot be linked to the person it came from. This means that your information can be used in projects that aim to improve the health of people across Australia, but no-one will know which patient the information came from.

How do we store and protect your personal information?

Your personal information is stored securely within our practice’s electronic clinical software program. From time to time we may also hold physical records (such as correspondence, x-rays, scans) but once these are transferred to your electronic record they are securely destroyed or returned to you. While held by the practice these paper records are stored securely and only accessible by practice staff.

All patient personal information stored within our electronic clinical software program is protected and secured in accordance with the RACGP’s Computer and Information Security Standards. All computers are password protected and have automatic screen-savers activated. All practice staff are aware of and educated in privacy and confidentiality policies including the Australian Privacy Principles and all staff and contractors have signed confidentiality agreements.

How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it in accordance with our resolution procedure. Please allow up to 30 days for us to respond to your concern.

Email:     manager@westonmedicalcentre.com.au

Post:      49 Station St Weston NSW 2326

Phone:     (02) 4936 2533

You may also contact the Office of the Australian Information Commissioner (OAIC). Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992. 

Policy review

Our privacy policy will be reviewed regularly to ensure it is in accordance with any changes that may occur at a practice or legislative level. Any amended policy will be posted on our website and copies will be available at the Practice for patients to access.